F5-CA Changed F5CAB3 Questions

The log message " aggressive mode activated " indicates that the BIG-IP ' s adaptive connection management system (the " Sweeper " ) has detected that the system ' s memory or connection limits are reaching a critical threshold. To protect the system from crashing due to memory exhaustion (OOM), the BIG-IP enters Aggressive Mode, where it begins to proactively and rapidly reap (close) idle connections to free up resources for new incoming traffic.

To mitigate this and return the system to a healthy state, the administrator needs to reduce the overall resource footprint of existing connections. Decreasing the TCP profile Idle Timeout value (Option B) is the most effective administrative action. In many environments, the default idle timeout is 300 seconds (5 minutes). If a large number of connections remain " open " in the BIG-IP connection table long after the clients have stopped sending data, they consume valuable TMM (Traffic Management Microkernel) memory. By lowering the timeout (e.g., to 60 or 120 seconds), the BIG-IP can expire and remove these inactive entries much sooner, preventing the connection table from bloating and triggering the Sweeper ' s aggressive mode.

Conversely, increasing the timeout (Option C) would exacerbate the problem by keeping " dead " connections in memory even longer. Connection Mirroring (Option D) actually increases memory usage because every connection must be duplicated on the standby peer. An active-active configuration (Option A) might spread the load but does not address the underlying resource management issue on the individual units. Therefore, tightening the idle timers is the standard procedural fix for memory pressure caused by high connection volumes.

In BIG-IP systems, iRules influence traffic only when they are attached to a Virtual Server. If application traffic is being sent to nodes or pool members that are not defined in the pool, this typically indicates that an iRule is overriding the default load-balancing behavior by explicitly selecting a pool or node.

According to BIG-IP Administration: Data Plane Configuration and official F5 guidance:

iRules are associated with Virtual Servers, not directly with pools or nodes.

To determine whether an iRule is actively affecting traffic, the administrator must inspect the Virtual Server configuration.

Explanation of the correct answers:

B. Via the GUI at the Resources tab for the virtual serverThe Resources tab in the Configuration Utility displays all traffic-handling objects applied to the Virtual Server, including assigned iRules. This is the primary GUI location to verify whether an iRule is influencing data plane traffic.

C. Via TMSH with the list /ltm virtual < virtual_server > commandThis TMSH command displays the full Virtual Server configuration, including any iRules listed under the rules section. It is the authoritative CLI method to confirm iRule usage.

Why the other options are incorrect:

A. Via TMSH with the list /ltm rule < irule > commandThis command only shows the contents of an iRule and does not indicate whether the iRule is attached to or used by any Virtual Server.

D. Via the GUI at the iRule tab for the virtual serverBIG-IP does not provide a dedicated “iRule” tab on Virtual Servers. iRules are viewed and managed under the Resources tab.

Correct Conclusion:

To verify whether an iRule is responsible for unexpected node selection, the BIG-IP Administrator must examine the Virtual Server configuration, either through the Resources tab in the GUI or by using TMSH to list the Virtual Server configuration.

In F5 BIG-IP systems, an iApp is a template-driven framework used to deploy and manage application-specific configurations. When an iApp is deployed, the system creates a specialized folder or " Application Service " container to hold all the resulting Local Traffic Manager (LTM) objects, such as virtual servers, pools, and profiles. This container is visually and programmatically identified by the .app extension in its path name.

The naming convention for these objects follows a specific hierarchical structure: / < partition > / < iapp_name > .app/ < object_name > . For example, if an administrator creates an iApp named " testhttp " in the " /Common " partition, the virtual server created by that iApp would be identified in the configuration (TMSH) and the GUI as /Common/testhttp.app/testhttp. This structure allows the BIG-IP system to distinguish between manually created objects and those managed by the iApp ' s automation logic.

This identification is crucial because iApp-managed objects typically have Strict Updates enabled, which prevents administrators from making direct manual changes to the object settings outside of the iApp ' s reconfigure interface. Attempting to modify such an object directly will result in an error message stating that the application service must be updated using an application management interface. By recognizing the .app path and the repeated name within the structure, an administrator can immediately identify that the object belongs to an iApp and should be managed through the iApp ' s specific management screen rather than standard LTM configuration menus.

Forwarding (IP) virtual servers forward traffic based on routing decisions and do not use pools or pool members.